I am too tired to read this fully but for my feeling it does not need ML to do anything; for IPs outside China that are not specifically blocked, it just gives you full packets the n minutes, half packets passed the second n minutes 1/4th packets passed the next etc. That seems quite consistent with our browsing and download experience. I downloaded a few ISO images (Ubuntu versions) from different servers in the west and I saw this behavior. With browsing as well. That seem is much easier to implement than ML and it seems to amount to the same annoyance.
Where you can see that it does use some tricks (with maybe ML but maybe just hackers adding tricks) to find what you are trying to browse via encryption. Many VPNs work fine with a lot of URLs but will do 100% packet drop on Facebook ; even though I checked for obvious leaks. It is clear something is leaking but it is not obvious.
None of the information above is new to those familiar with the GFW. It is only after I reached this point in my tests that I did some deeper reading and learned that the GFW uses machine learning algorithms to learn, discover, and block VPNs and proxies.
Where you can see that it does use some tricks (with maybe ML but maybe just hackers adding tricks) to find what you are trying to browse via encryption. Many VPNs work fine with a lot of URLs but will do 100% packet drop on Facebook ; even though I checked for obvious leaks. It is clear something is leaking but it is not obvious.